[Original text] Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory.

-
Vulnerability information (F46100)

Ubuntu Security Notice 279-1 - Jayesh KS discovered that the nasl_split() function in the NASL (Nessus Attack Scripting Language) library did not check for a zero-length separator argument, which led to an invalid memory allocation. This library is primarily used in the Nessus security scanner; a remote attacker could exploit this vulnerability to cause the Nessus daemon to crash.

-
Vulnerability description

Nessus NASL contains a flaw that may allow a remote denial of service. The issue is triggered when a rogue plugin is loaded by the Nessus server which contains a malicious 'split' function call, and will result in loss of availability for the platform.
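Added illustration (constructed here, not libnasl's own code) of why an unchecked zero-length separator turns a strstr()-based split into unbounded growth, beside the up-front check that rejects it; the function names and the `max_pieces` guard are assumptions for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the bug class, not libnasl's own source.
 * A split that locates the separator with strstr() and then steps past it
 * never makes progress when the separator is "": strstr(p, "") == p and
 * strlen("") == 0, so every iteration produces another (empty) piece and
 * the result buffer keeps growing until allocation fails. */

/* Naive splitter: returns how many pieces it would allocate.  max_pieces is
 * a demonstration guard so the bug shows up as "cap reached" (-1) instead of
 * hanging the process. */
int split_count_unchecked(const char *s, const char *sep, int max_pieces)
{
    int n = 0;
    const char *p = s;
    while (n < max_pieces) {
        const char *hit = strstr(p, sep);
        n++;                       /* one more piece to allocate */
        if (hit == NULL)
            return n;              /* last piece, loop terminates */
        p = hit + strlen(sep);     /* with sep == "" this is p again */
    }
    return -1;                     /* cap reached: growth was unbounded */
}

/* Hardened splitter: refuse a NULL or zero-length separator before looping. */
int split_count_checked(const char *s, const char *sep, int max_pieces)
{
    if (s == NULL || sep == NULL || sep[0] == '\0')
        return -2;                 /* invalid sep: error instead of looping */
    return split_count_unchecked(s, sep, max_pieces);
}

int main(void)
{
    printf("unchecked, sep \",\": %d\n", split_count_unchecked("a,b,c", ",", 1000));
    printf("unchecked, sep \"\":  %d\n", split_count_unchecked("a,b,c", "", 1000));
    printf("checked,   sep \"\":  %d\n", split_count_checked("a,b,c", "", 1000));
    return 0;
}
```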

-
Timeline

Disclosure date:
2006-04-25

Discovery date:
2006-04-20

Exploit date: 2006-04-25

Resolution date: Unknown

-
Solution

Upgrade to Nessus version 2.2.8 / 3.0.3 or higher, or libnasl revision 1.46.2.9 or higher, as it has been reported to fix this vulnerability. In addition, the OS2A Team has released a patch for some older versions.